8000 update word list for rule 932125 (RCE Windows command injection - PowerShell aliases) · Issue #2693 · coreruleset/coreruleset · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

update word list for rule 932125 (RCE Windows command injection - PowerShell aliases) #2693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tracked by #2621
fzipi opened this issue Jul 19, 2022 · 1 comment · Fixed by #3050
Closed
Tracked by #2621

update word list for rule 932125 (RCE Windows command injection - PowerShell aliases) #2693

fzipi opened this issue Jul 19, 2022 · 1 comment · Fixed by #3050
Labels
⚡ list update

Comments

@fzipi
Copy link
Member
fzipi commented Jul 19, 2022
edited
Loading

PowerShell aliases can be obtained by running Get-Alias in a PSH terminal. We would like to get those as a simple one-liner so we don't depend on having a Windows installation.
@fzipi fzipi mentioned this issue Jul 19, 2022
Closed
34 tasks
@fzipi fzipi changed the title update word list for rule 932120 (RCE Windows command injection - PowerShell aliases) update word list for rule 932125 (RCE Windows command injection - PowerShell aliases) Jul 20, 2022
@fzipi
Copy link
Member Author
fzipi commented Nov 29, 2022

Thanks to the help of the Azure team (in particular Eric Schwabe), we got this one-liner to update this list: curl -s https://raw.githubusercontent.com/PowerShell/PowerShell/master/src/System.Management.Automation/engine/InitialSessionState.cs -o - | awk -F\" '/new SessionStateAliasEntry\("/ { print $2; }'

@coreruleset coreruleset deleted a comment from github-actions bot Nov 29, 2022
@fzipi fzipi mentioned this issue Dec 11, 2022
Merged
fzipi added a commit that referenced this issue Dec 11, 2022
@fzipi
feat(932125): update list with latest aliases (#3050)
5c4add4 
Fixes #2693
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
⚡ list update
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(932125): update list with latest aliases fzipi/coreruleset
1 participant
@fzipi
0